Getting a 403 page when accessing an OpenBSD httpd page

I am writing a static web page on an OpenBSD vm (called example.com here), and when I access the server by its domain name over http, I get httpd's 403 page. When I use telnet example.com 80 I get

Date: Tue, 12 Jul 2022 01:07:01 GMT
Server: OpenBSD httpd
Connection: close
Content-Type: text/html
Content-Length: 498

followed by some of the site's html, and curl -I example.com returns HTTP/1.0 403 Forbidden... Connection: close. I am guessing it has something to do with my pf.conf, so here it is:

#       $OpenBSD: pf.conf,v 1.55 2017/12/03 20:40:04 sthen Exp $
#
# See pf.conf(5) and /etc/examples/pf.conf

IP4 = "10.0.0.1"
IP6 = "2001:db8::/80"
FlushUDP = "max-pkt-rate 10000/10 keep state (max 1000, source-track rule, max-src-nodes 200, max-src-states 200)"
Flush = "keep state (max 100, source-track rule, max-src-nodes 20, max-src-conn-rate 50/10 overload <abuse> flush global)"
block all
set skip on lo

set block-policy drop
set loginterface vio0
set syncookies adaptive (start 25%, end 12%)
table <abuse> persist file "/etc/pf/abuse"

block in log quick from <abuse>
pass in log quick proto udp to {$IP4 $IP6} port {domain, isakmp, ntp, ipsec-nat-t} $FlushUDP
block in log quick proto udp to {$IP4 $IP6}
block in log quick from urpf-failed
pass in on vio0 inet proto icmp icmp-type 8 code 0 $FlushUDP # icmp packets
pass in on vio0 inet proto icmp icmp-type 3 code 4 $FlushUDP # icmp needfrag (MTU)
pass in log quick on vio0 proto ipv6-icmp $FlushUDP
match in all scrub (no-df random-id max-mss 1440)
#came with the server
block return out log proto {tcp, udp} user _pbuild
block return in on ! lo0 proto tcp to port 6000:6010
match out on agress inet from !(egress:network) to any nat-to (egress:0)
#tcp rules
pass in on vio0 log quick proto tcp to {$IP4 $IP6} port domain $Flush
pass in on vio0 log quick proto tcp to {$IP4 $IP6} port auth $Flush
pass in on vio0 log quick proto tcp to {$IP4 $IP6} port {gopher www http https} $Flush
pass in on vio0 log quick proto tcp to {$IP4 $IP6} port { 6660:6669 6697} $Flush  #consider adding more ports
pass in on vio0 log quick proto tcp to {$IP4 $IP6} port 1337 $Flush #bouncer

#my own rules
block in quick on vio0 proto tcp from any os {"Mac OS", NMAP}
#pass in on egress proto tcp from any to egress port { www, https, 6667, 6697, git} synproxy state
#block in quick on egress proto {tcp, udp, icmp} from any to any modulate state (if-bound)
antispoof for vio0 inet
antispoof for vio0 inet6
block return    # block stateless traffic
pass            # establish keep-state

The contents of /etc/pf/abuse:

127.0.0.0/8
169.254.0.0/16
172.16.0.0/12
192.0.0.0/24
192.0.2.0/24
224.0.0.0/3
192.168.0.0/16
198.18.0.0/15
198.51.100.0/24
203.0.113.0/24

And this is /etc/httpd.conf:

types{ include "/usr/share/misc/mime.types"}

server "example.com"{
        alias "www.example.com"
        listen on * port 80
        location "/.well-known/acme-challenge/*"{
                root "/htdocs/example.com"
                request strip 2
        }
}

hostname.vio0 contains inet autoconf & inet6 2a03:6000:6e64:618::221 64 on separate lines, mygate contains 2a03:6000:6e64:618::1 (so only the router's ipv6 address), and resolv.conf contains nameserver [IP ADDRESS] # resolvd: vio0 & lookup file bind on separate lines, where [IP ADDRESS] is the server's ipv4 address.

What I am trying to get is a telnet response of HTTP/1.0 302 Found, or to reach index.htm, which is simple text right now.

Answer 1

The default value of index is index.html. The default index location is /var/www/htdocs, so /var/www/htdocs/index.html is also the location httpd looks for when a request is sent to example.com or www.example.com.

Based on your comment above, the following server block should work:

types { include "/usr/share/misc/mime.types" }

server "example.com" {
        alias "www.example.com"
        listen on * port 80
        location "/.well-known/acme-challenge/*" {
                root "/htdocs/example.com"
                request strip 2
        }
        # root is resolved inside httpd's chroot (/var/www), so that prefix is omitted
        root "/htdocs/example.com"
        directory index index.htm
}

Alternatively, you should find your current index.htm at

curl -I example.com/example.com/index.htm
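
Why the question's configuration answers a request for / with 403, as an added example that is not part of the original answer: a simplified shell model of how httpd maps a request path to a file under its chroot. The names httpd_lookup and demo_tree and the temporary directory tree are constructed for illustration; the model assumes directory auto index is off and ignores redirects.

```shell
#!/bin/sh
# Simplified model (an assumption, not httpd's own code) of the lookup:
#   file on disk = CHROOT + ROOT + REQUEST_PATH, plus INDEX for a directory.
# Usage: httpd_lookup CHROOT ROOT INDEX REQUEST_PATH  -> prints 200, 403 or 404
httpd_lookup() {
    chroot_dir=$1 root=$2 index=$3 req=$4
    path="$chroot_dir$root$req"      # root is relative to the chroot
    if [ -d "$path" ]; then
        # Directory request: the index file name is appended.
        if [ -f "${path%/}/$index" ]; then
            echo 200
        else
            echo 403                 # no index file and no auto index
        fi
    elif [ -f "$path" ]; then
        echo 200
    else
        echo 404
    fi
}

# Constructed tree standing in for /var/www on the server in the question:
# the only content is htdocs/example.com/index.htm.
demo_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/htdocs/example.com"
    echo "simple text" > "$t/htdocs/example.com/index.htm"
    echo "$t"
}

W=$(demo_tree)
# Question's server block: no root or index set, so /htdocs and index.html apply.
echo "defaults, GET /                       $(httpd_lookup "$W" /htdocs index.html /)"
echo "defaults, GET /example.com/index.htm  $(httpd_lookup "$W" /htdocs index.html /example.com/index.htm)"
# Per-site root and index.htm as the directory index.
echo "root /htdocs/example.com, GET /       $(httpd_lookup "$W" /htdocs/example.com index.htm /)"
# A root that repeats the chroot prefix points outside the served tree.
echo "root /var/www/htdocs/..., GET /       $(httpd_lookup "$W" /var/www/htdocs/example.com index.htm /)"
rm -rf "$W"
```
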
